<?php
/**
 * +---------------------------------------------------
 * @File: IIARBAC.class.php
 * @Function: 基于角色的权限认证
 * @Date: 2011-4-6
 * @Author: Jackean <mosquitoyuan@163.com>
 * @copyright: ThinkPHP
 * @ameliorate：Jackean
 * @Version: 1.0.1
 * +---------------------------------------------------
 */
 
 class IIARBAC extends Think
 {
 	//登录认证
 	static public function LoginAuthenticaate($map,$model)
 	{
 		if(empty($model)) $model = C('USER_AUTH_MODEL');
 		return M($model)->where($map)->find();
 	}
 	
 	//获取用户的权限节点并保存到SESSION中
 	static public function saveAccessList($authid=null)
 	{
 		if ($authid == null) $authid = $_SESSION[C('USER_AUTH_KEY')];
 		$_SESSION['_AUTH_ACCESS_LIST'] = self::getAccessList($authid);
 	}
 	
 	//权限认证过滤器
 	static public function AccessDecision()
 	{
 		if (self::CheckAccess())
 		{
 			$modName = self::subHashstr(MODULE_NAME, 2, 28);
 			$actName = self::subHashstr($modName.ACTION_NAME);
 			$Accesslist = $_SESSION['_AUTH_ACCESS_LIST'];
			
 			if (in_array($modName, $Accesslist['module']))
 			{
 				if (in_array($actName, $Accesslist['maction']))
 				{
 					return true;
 				}else 
 				{
 					return false;
 				}
 			}else {
 				return false;
 			}
 		}else {
 			return true;
 		}
 	}
 	
 	//检查用户当前的操作权限
 	static function CheckAccess()
 	{
 		if (C('USER_AUTH_ON'))
 		{
 			$_Module = array();
 			$_Action = array();
 			if (C('REQUIRE_AUTH_MODULE') != "")
 			{
 				$_Module['Yes'] = explode(',', strtolower(C('REQUIRE_AUTH_MODULE')));
 			}else {
 				$_Module['No'] = explode(',', strtolower(C('NOT_AUTH_MODULE')));
 			}
 			
 			if (C('REQUIRE_AUTH_ACTION') != "")
 			{
 				$_Action['Yes'] = explode(',', strtolower(C('REQUIRE_AUTH_ACTION')));
 			}else {
 				$_Action['No'] = explode(',', strtolower(C('NOT_AUTH_ACTION')));
 			}
 			
 			if ((!empty($_Module['No']) && !in_array(strtolower(MODULE_NAME), $_Module['No'])) || (!empty($_Module['Yes']) && in_array(strtolower(MODULE_NAME), $_Module['Yes'])))
 			{
 				if ((!empty($_Action['No']) && !in_array(strtolower(ACTION_NAME), $_Action['No'])) || (!empty($_Action['Yes']) && in_array(strtolower(ACTION_NAME), $_Action['Yes'])))
 				{
 					return true;
 				}else {
 					return false;
 				}
 			}else {
 				return false;
 			}
 			
 		}else 
 		{
 			return false;
 		}
 	}
 	
 	//依据用户ID获取用户的权限节点
 	static public function getAccessList($authid)
 	{
 		$AuthorizationList = self::getUesrNodeList($authid);
 		
 		$accessList = array();
 		$acliist = array();
 		$map = array();
 		$map['status'] = array('egt',1);
 		$NodeList = M(C('RBAC_NODE_TABLE'))->where($map)->select();
 		
 		foreach ($NodeList as $fnode)
 		{
 			if (in_array($fnode['id'], $AuthorizationList) && $fnode['level'] == 1)
 			{
 				$accessList['module'][$fnode['id']] = self::subHashstr($fnode['ename'],2,28);
 			}
 			if (in_array($fnode['id'], $AuthorizationList) && $fnode['level'] == 2)
 			{
 				$acliist[$fnode['id']]['ename'] = $fnode['ename'];
 				$acliist[$fnode['id']]['pid'] = $fnode['pid'];
 			}
 		}
 		
 		foreach ($acliist as $key=>$alv)
 		{
 			$accessList['action'][$key] = self::subHashstr($alv['ename']);
 			$accessList['maction'][$key] = self::subHashstr($accessList['module'][$alv['pid']].$alv['ename']);
 		}
 		
 		return $accessList;
 	}
 	
 	//获取用户角色的权限表
 	static function getUesrNodeList($authid)
 	{
 		//获取用户角色
 		$Find_Role_Id = M(C('RBAC_USER_TABLE'))->where('`u_id`='.$authid)->getField('r_id'); 		
 		$rolestatus = M(C('RBAC_ROLE_TABLE'))->where('`id`='.$Find_Role_Id)->getField('status');
 		if ($rolestatus != 1) $Find_Role_Id = NUll;
 		//获取角色权限节点ID
 		$FindNodeMap = array();
 		$FindNodeMap['r_id'] = $Find_Role_Id;
 		$FindNodeID = M(C('RBAC_ACCESS_TABLE'))->where($FindNodeMap)->getField('node_id');
 		$NodeList = explode(',', $FindNodeID);
 		return $NodeList;
 	}
 	
 	//加密字符串并按规定截取
 	static function subHashstr($str,$start=0,$length=0,$type='md5')
 	{
 		$str = strtolower($str);
		$encrypt_str = hash($type, $str);		
		if ($start == 0) $restr = $encrypt_str;
		if ($length == 0) $restr = substr($encrypt_str,$start);
		if ($start != 0 && $length != 0) $restr = substr($encrypt_str,$start, $length);
	
		return $restr;
 	}
 	
 }
 ?>